Overview

overview

7

Static

static

3

5c034dc061...92.exe

windows7-x64

7

5c034dc061...92.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/01/2024, 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c034dc0613f5f9afb3d1d3c1afbd092.exe

  • Size

    1.9MB

  • MD5

    5c034dc0613f5f9afb3d1d3c1afbd092

  • SHA1

    39eed7d619241ad06d72bcaec85e591ecc49af90

  • SHA256

    16f07766832aacd77f4ff647d9db09d08894362d60055b5e82803640dd72f493

  • SHA512

    59d3a4acffd81cf07afeacea447a0a1a73e4707222b6bb80f0f1d29b1a508095ac11e70f2b98ef904dab792de58898dca0f4c12ffaa6c9fdb69a9e2365726178

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10d1IfFAJjb9q8W1f6/nL1l1o2EBLR5d4BsTAtn:Qoa1taC070dY6pS6/L1lbEFOsOOt0x

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c034dc0613f5f9afb3d1d3c1afbd092.exe
    "C:\Users\Admin\AppData\Local\Temp\5c034dc0613f5f9afb3d1d3c1afbd092.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Users\Admin\AppData\Local\Temp\3D76.tmp
      "C:\Users\Admin\AppData\Local\Temp\3D76.tmp" --splashC:\Users\Admin\AppData\Local\Temp\5c034dc0613f5f9afb3d1d3c1afbd092.exe 8C6E4CD400E31EDBE6BFFB3C4F6BE27C2A4E11D3D63716250CFE393CE74867501F46F238F84244043743B74258FE59C62EEC660BB76971671911D98533F82194
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3D76.tmp
    Filesize

    1.9MB

    MD5

    eb108eb16f837d83c8dab6ad38df6a5b

    SHA1

    0062fc90bd90f72fb6e5ae897a82ea4e6b563edd

    SHA256

    cd2605d677194c1230994adf2026248d7e3c7b0a8a124715bc15001aaff4b96f

    SHA512

    3b48eb15379563863e5b097ec75e580439dda2a301008f3fada2977b4df1e55f6b04a4b7c946a3aa52f8b3a14c95f20a15716ab87e3edca484e211366baf0f4a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3D76.tmp
    Filesize

    1.4MB

    MD5

    554bcedcb933e7da049cf51e07a0bd79

    SHA1

    9d94048545029f48c663c5dc49c11d25b9d4c791

    SHA256

    3a6bd9721eff0ece1cb36b460f3b39afa34a5c3f331e39c2979030ec3644d785

    SHA512

    80b44d6f86b76bb4160a973bb5628d114f374500aece84e76e9a61edeed345ef127f2979b7efb92d02f9e1a8f7bdc223da97458816984c7cbbc60cf70c752d48

    Download Submit

  • memory/2420-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3572-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download